Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review DANDI & GitHub log in/out flow & encryption strategy #52

Open
kabilar opened this issue Jan 31, 2024 · 1 comment
Open

Review DANDI & GitHub log in/out flow & encryption strategy #52

kabilar opened this issue Jan 31, 2024 · 1 comment
Assignees
@kabilar @aaronkanzer

Comments

@kabilar
Copy link
Member

kabilar commented Jan 31, 2024

No description provided.

@aaronkanzer
Copy link

@kabilar Just leaving some notes here in preparation for meeting w/ Roni tomorrow. (left this in a different GitHub Issue by accident -- re-posting here)

Main Technical Goals: 1. Confirm current observed behavior, 2.Discuss next steps where a user truly logs in and logs out.

Log-in/Log-out flow:

  • Logout doesn't actually "log" out of the system
  • Logout of GitHub does not log out of DANDI
  • Support for other OAuth providers -- has that been a conversation prior

Encryption:

  • Tokens locally aren't encrypted; they are sent over HTTPS though, so ideally encrypted-in-transit

Just some references of Login/Logout:

Frontend OAuth Client

Backend root configuration for login url

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kabilar kabilar

@aaronkanzer aaronkanzer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kabilar @aaronkanzer